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DETAILED ACTION 
Claim Rejections - 35 USC § 103 

1. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

2. Claims 1-13 remain rejected under 35 U.S.C. 103(a) as being unpatentable over Angelo 
and (Authoritative Dictionary of IEEE Standards) and further in view of Lambert. 

3. As per claim 1, Angelo discloses a computer system(see fig. 1, sheet 1, and col. 4, lines 
39-40), a processor(102)(see fig. 1, sheet 1, and col. 4, lines 49-50), an access token 
communicator(i.e. probe) for reading a token(i.e. smartcard)(see col. 6, lines 13-15, 33-36), an 
input device(158) of being capable of being coupled to the processor(see fig. 1, sheet 1), the 
input device being adapted to receive a security code(i.e. pin/plain text password)(see col. 3, 
lines 40-41). The Examiner asserts that comparing the password to verification data on the 
access token, is inherent, because Angelo discloses that a password is entered once the token is 
inserted (see col. 3, lines 40-48). Thus, if the two passwords match(i.e. verification data), than 
this confirms that the user is authorized to use the access token(see col. 3, lines 46-48). 

4. According to the Authoritative Dictionary of IEEE Standards, security level is defined as 
a hierarchical level whose purpose is to indicate degree of sensitivity to a designated security 
threat. It indicates a specific level of protection as specified by the security policy being 
enforced(see pg. 1015). Thus, since Angelo discloses security levels than Angelo discloses a 
security pohcy. Angelo discloses security policies(i.e. security levels) that can require different 
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levels of access to different resources by having different passwords(see col. 13, lines 19-22), 
thus access to the resources will be based on what password the user has been granted. 
Furthermore, Angelo discloses a software system executable on the processor, and including a 
system security process controlling operational access to the processor, because Angelo discloses 
that an access token communicator for reading data on the token and comparing the data that is 
inputted with data stored on the token. Thus, the comparison of the data, contains software 
inherent in order to verify the user to a particular resource. Also, Angelo discloses an access 
token and verification data(see col. 3, lines 33-38), setting security policies(i.e. levels), and 
controlling access to resources based on the security policies(i.e. levels)(see col. 13, lines 18-22). 

5. The Examiner takes Official Notice that it is well-known in the art to have a software 
system that contains executable program code, the motivation is that the executable program 
code is a complied program translated into machine code in a format that can be loaded into 
memory and run by a computer's processor. Thus, the motivation of having executable program 
code is that it allows the soflAvare to run. 

6. Angelo does not disclose a receiving a set of security pohcies from the access token in 
the processor in response to verification data. Lambert discloses in response to verification data, 
a set of security policies(i.e. levels) are received(see col. 2, lines 29-36, and col. 2, lines 4-16). 
Further, Lambert controls access to resources based on security poHcies(i.e. levels)(see col. 2, 
lines 43-44). 

7. Both (Angelo and IEEE Standards) with Lambert disclose access control with smartcard. 
It would have been obvious to include the feature of Lambert that discloses in response to 
verification data, a set of security policies are received, with Angelo and IEEE standards. The 
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motivation is that Lambert recognizes a problem when seeking to control access to application 
program modules where a number of different users are required to be allowed access different 
security modules(see col. 1, lines 48-51 of Lambert). Lambert also discloses the conventional 
approach is that a table lookup process scans a static list to determine the access authority of the 
user, and the user is given access to certain applications according to their determined authority 
level(see col. 1, lines 55-61 of Lambert). Thus, such conventional system relying on lookup 
tables of user authorities are vulnerable to breaches of security even if the applications 
themselves are held in protected form(see col. 1, lines 62-65 of Lambert). An unauthorized 
person may seek to add themselves to the list or to change their authority level within the list(see 
col. 1, lines 65-67 of Lambert). Therefore, Lambert provides a more protective measure of 
providing access to users by storing the access level on the card in the form of a key or 
dynamically generating the security policy once the user has typed in his/her PIN(see col. 2, lines 
29-36). 

8. Rejected under same basis as claim 1 and further. As per claim 2, Angelo discloses a non- 
volatile storage device operable coupled to the processor(see fig. 1, sheet 1), and a non- volatile 
storage device(see col. 5, lines 57-60) access password that selectively allows access to the 
nonvolatile storage device, wherein the nonvolatile storage device password is supplied in 
response to the access token reading device reading an access token and the input device 
receiving vahd verification data(see col. 7, lines 54-58, col. 8, lines 19-25, 37-40). 

9. As per claim 3, Angelo discloses at least one of a set of pohcies(i.e. security levels) is 
stored within the nonvolatile storage device password(see col. 13, lines 12-14, 19-25, 34-43). 
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10. As per claim 4, Angelo discloses wherein at least one of the set of policies (i.e. levels) is 
stored on the access token, because Angelo discloses that the user can have varying levels of 
access based on the password, thus when the user enters the password, this password is 
encrypted and compared to a encrypted value stored on the card (see col. 13, lines 19-24, 29-40). 

11. As per claim 5, Angelo discloses that one of the one or more policies (i.e. levels 
corresponds to the verification data, because Angelo discloses that when the user enters different 
passwords that are associated with different levels (i.e. policies) of access to the computer 
system, and if the user's password matches the password stored on the token (i.e. verification 
data), than the user is allowed access to certain resources based on the password that the user 
receives (see col. 13, lines 19-23, 30-43). 

12. As per claims 6-8, Hmitations have already been addressed see claim 1 and 15, further, 
the Examiner takes Official Notice that by having a security policy for bios control information 
is well-known, the motivation is that the user can change system settings and other configuration 
information dealing with the system. 

13. As per claim 9, Angelo discloses a password corresponding to the nonvolatile storage 
device access password (i.e. peripheral password) is stored on the access token (see col. 3, lines 
41-44). 

14. As per claims 10-11, Angelo discloses that the access token (i.e. smartcard) includes one 
or more bytes of data in a non-keyboard enterable format (i.e. biometrics)(see col. 7, lines 47- 
53). 

15. As per claim 12, Angelo discloses wherein the verification data (i.e. password entered by 
way of biometrics) includes biometric data supplied by a user (see col. 7, lines 47-53). 
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16. As per claim 13, Angelo discloses that the input device includes a keyboard for entering 
in the password, and the verification data includes a password (i.e. PIN) stored on the card (see 
col. 3, Unes 40-48). 

17. Claims 15-25 are rejected under 35 U.S.C. 103(a) as being unpatentable over Lambert 
and (Authoritative Dictionary of IEEE Standards) and further in view of Angelo. 

18. As per claim 15, limitations have aheady been addressed see claim 1 . Further, 
limitations of claim 15, Lambert discloses a set of security policies associated with the operating 
system, the operating system operable to receive the security code for selectively enabling the 
security policies to limit access to the computer system(see col. 2, lines 32-50). Lambert fails to 
disclose operating system permitting access to the non-volatile storage device and one or more 
processors if the security code match an authorization data stored in nonvolatile memory; 
however, Angelo teaches that the security code(i.e. peripheral password) matches the 
authorization data stored in non-volatile memory(see col. 3, lines 44-46). It would have been 
obvious to combine Lambert with Angelo, to include the features of security policies(i.e. level), 
the motivation is that Lambert teaches that in prior art a lookup table process scans a static list to 
determine access authority of the user and the require security level(see col. 1, lines 58-61), and 
further teaches that such conventional systems relying on lookup tables of user authorities are 
vulnerable to breaches of security(see col. 62-65). 

19. As per claim 16, Angelo discloses wherein the operating system includes a BIOS and 
wherein the BIOS is stored on nonvolatile memory that is electrically interconnected to the one 
or more processors (see col. 7, lines 15-22, fig. 1, sheet 1). 
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20. As per claim 17, Angelo discloses the access token communication device includes a 
smart card communication device (see col. 6, lines 13-22, 33-36). 

21 . As per claim 18, Angelo discloses the access token communication device includes 
netw^ork circuitry (i.e. adapted to receive signals) from one or more computers interconnected on 
a computer network (col. 5, lines 17-20, 51-53). 

22. As per claim 19, Angelo discloses the access token communication device includes a 
modem that receives signals from a communication line. 

23. As per claim 20, wherein the input device is a keyboard (159)(see fig. 1, sheet 1, col. 9, 
lines 49-50) 

24. As per claim 21, Although Angelo does not expressly disclose a biometric reading 
device; Angelo does disclose that the user can input information by using a biometric device (see 
col. 7, lines 50-53). The Examiner takes Official Notice that a biometric reading device is well- 
known, thus it would be obvious to have a biometric reader, because the motivation is that a 
biometric reader allows one to read the biometric data input by the user. 

25. As per claims 22-23, Although Angelo discloses a fingerprint scanner; a retinal scanning 
device(i.e. biometrics)(see col. 7, lines 50-53). 

26. As per claim 24, Angelo discloses the nonvolatile storage device includes a hard disk 
drive(see col. 5, lines 56-59). 

27. As per claim 25, Angelo discloses a data access code stored in the nonvolatile memory, 
wherein a data request code corresponding to the data access code alters a state of the nonvolatile 
storage device, because Angelo discloses that if the data request code corresponds to the data 
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access code(i.e. peripheral password stored in storage), than the state is altered by unlocking the 
storage device from locked to unlocked(see col. 9, lines 32-38, 43-48). 

28. Claims 26-42 are rejected under 35 U.S.C. 103(a) as being unpatentable over Angelo 
(Authoritative Dictionary of IEEE Standards), Lambert, and further in view of Avame. 

29. As per claim 26, limitations have already been addressed see claim 1 and 15. Further, 
claim 26 rejected by Angelo for a nonvolatile storage device access password that selectively 
allows access to the nonvolatile storage device, wherein the nonvolatile storage device password 
is supplied in response to the access token reading device reading an access token and the input 
device receiving verification data. Angelo does not disclose a master password. However, 
Avame discloses a master password(see col. 3, lines 24-42). 

30. It would have been obvious to combine Angelo with Avame, the motivation to include a 
master password is that a master password allows unlocking an inadvertently locked token(see 
col. 1, lines 37-40 of Avame). Therefore, the motivation to have a master password is that the 
master password seeks to provide a means for the unlocking of locked token which can avoid the 
need to retum such tokens to their issuing authority while at the same time avoiding the possible 
dissemination of information useful for subverting their locking function(see col. 1, lines 52-57). 

31. As per claim 27-34 limitations have already been addressed see claims 1 and 15. 

32. As per claim 35, Angelo discloses that transferring one or more passwords from the 
access token to a computer system, because once the user enters the password, and the password 
is encrypted to produce a peripheral password, and this password is a system password that is 
combined with the password stored in memory (see col. 9, lines 33-35, 43-48). 
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33. As per claim 36, Angelo discloses transferring is in response to an access code received 
by the access token, because Angelo discloses that the access code(i.e. password) is inputted by 
the user(see col. 3, lines 40-41), and then transferred to the computer system(see coL 3, lines 44- 
48). 

34. As per claims 37-38, Angelo discloses wherein one of the one or more passwords 
corresponds to a computer system password installed on the computer system(see col. 8, lines 
20-23), and wherein one of the one or more passwords corresponds to a nonvolatile storage 
device password installed on a nonvolatile storage device(see col. 9, lines 12-32). 

35. As per claim 40, Angelo discloses wherein the one or more security poUcies(i.e. levels) 
are stored in an encrypted format, because based on the password that the user has entered is 
encrypted and this encrypted key has policies that are associated that allow a user to access 
certain resources or devices(see col. 3, lines 37-48, and col. 13, lines 18-26). Further, Microsoft 
Computer Dictionary defines a data stream to be a byte-by-byte flow of data(see pg. 1 10). 
Therefore, a data stream(i.e. password) is bytes of data. 

36. As per claims 41-42, recited the same limitations as claim 14, and fixrther means for 
reading an access token, means for receiving an authentication password(i.e. peripheral 
password), means for verifying the validity of the access token based on the authentication 
password, means for unlocking a nonvolatile storage device on the computer(see col. 9, lines 13- 
38, 43-54). As per the limitation of security policies has akeady been addressed see claim 1 
above. 
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Response to Amendment 

37. Applicant's arguments filed 7/24/2004 have been fully considered but they are not 
persuasive. 

38. The Applicant states that Angelo nor Lambert discloses an executable program code that 
verifies validity of the access token by comparing the security code to a verification data on the 
access token, whereby if the security code matches verification data the access token is valid, 
and an executable program code that receives a set of security policies from the access token in 
the processor if the access token is valid. Apphcant's arguments fail to comply with 37 

CFR 1.1 1 1(b) because they amount to a general allegation that the claims define a patentable 
invention without specifically pointing out how the language of the claims patentably 
distinguishes them from the references. 

39. The Applicant states that Angelo nor Lambert discloses an executable program code that 
sets security pohcies in the processor, wherein one of the one or more policies includes a BIOS 
control information that is used to configure the computer system. Applicant's arguments fail to 
comply with 37 CFR 1.1 1 1(b) because they amount to a general allegation that the claims define 
a patentable invention without specifically pointing out how the language of the claims 
patentably distinguishes them from the references. 

40. The Applicant states that there is no motivation to combine Angelo with Lambert, 
because neither on disclose a set of security policies are stored in the access token such that the 
security policies are received in a processor if the access token is vahd. Applicant's arguments 
fail to comply with 37 CFR 1. 1 1 1(b) because they amount to a general allegation that the claims 
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define a patentable invention without specifically pointing out how the language of the claims 
patentably distinguishes them firom the references. 

41 . The Applicant states that a security level and a security policy are not the synonymous. 
The Examiner disagrees with the Applicant. The Applicant has pointed out pages of the 
specification that disclose a security policy. The Examiner is to interpret the claims broadly in 
light of the specification. According to the Authoritative Dictionary of IEEE Standards, security 
level is defined as a hierarchical level whose purpose is to indicate degree of sensitivity to a 
designated security threat. It indicates a specific level of protection as specified by the security 
policy being enforced(see pg. 1015). Thus, since Angelo discloses security levels than Angelo 
discloses a security policy. Angelo discloses security pohcies(i.e. security levels) that can 
require different levels of access to different resources by having different passwords(see col. 13, 
lines 19-22), thus access to the resources will be based on what password the user has been 
granted. 

42. The Applicant states that Lambert, IEEE Standards, and Angelo does not disclose an 
access token fiulher includes verification data, the verification data operable to provide the 
security policies to the nonvolatile memory if the security code matches an authentication code 
stored in the access token. Applicant's arguments fail to comply with 37 CFR 1 . 1 1 1(b) because 
they amount to a general allegation that the claims define a patentable invention without 
specifically pointing out how the language of the claims patentably distinguishes them fi-om the 
references. 

43. The AppUcant states that Angelo and Lambert discloses the verification data operable to 
provide the security policies to the nonvolatile memory if the security code matches an 
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authentication code stored in the access token. Apphcant's argxxments fail to comply with 37 
CFR 1.1 1 1(b) because they amount to a general allegation that the claims define a patentable 
invention without specifically pointing out how the language of the claims patentably 
distinguishes them firom the references. 

44. The Applicant states that Angelo and Lambert does not discloses a security policies are 
received in nonvolatile memory, if the security code matches an authentication code stored in the 
access token. Applicant's arguments fail to comply with 37 CFR LI 1 1(b) because they amount 
to a general allegation that the claims define a patentable invention without specifically pointing 
out how the language of the claims patentably distinguishes them from the references. 

45. The Applicant states that claims 26-42 does not disclose various limitations that were 
rejected under the prior art of record; however, fail to provide explanations as to why these 
claims do not meet prior art, therefore, these claims are moot. 

Conclusion 

Any inquiry concerning this conmiunication or earlier communications from the 
examiner should be directed to Jenise E Jackson whose telephone number is (571) 272-3791. 
The examiner can normally be reached on M-Th (6:00 a.m. - 3:30 p.m.) alternate Friday's. 

If attempts to reach the examiner by telephone are unsuccessfial, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for pubHshed applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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